zenefits
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliglobal package from the NPM registry to enable integration capabilities. - [COMMAND_EXECUTION]: Utilizes the
membranecommand-line tool for authentication (login), connection management (connect), and executing API actions (action run) against Zenefits. - [PROMPT_INJECTION]:
- Ingestion points: Processes sensitive HR data from Zenefits API endpoints, including personnel records, bank accounts, and payroll information (SKILL.md).
- Boundary markers: No specific delimiters or "ignore instructions" headers are used when fetching data from the Zenefits service.
- Capability inventory: Includes shell command execution and network request proxying via the
membraneCLI (SKILL.md). - Sanitization: No explicit sanitization or validation of the retrieved HR data is described before it enters the agent's context.
Audit Metadata